- Ntldr
- Ntdetect.com
- Boot.ini
- Ntbootdd.sys
Windows Boot:
- After the power-on self test(POST) loads the system BIOS into memory. the BIOS reads the contents of the master boot record(MBR). The MBR takes control, finds the active partition, and loads the boot sector from the active partition.
- The boot sector program reads the root directory and loads Windows Loader(NTLDR).
- NTLDR loads the basic memory configuration and switches to 32-bit mode(protected mode). NTLDR then places itself into high memory to free as much memory space as possible.
- NTLDR reads boot.ini to find the operation system. If boot.ini is not present, NTLDR assumes the Windows OS is in the C:\Windows directory.
- NTLDR switches back to 16-bit mode and loads ntdetect.com, which is a 16-bit aplication. NTDETECT determines the computer's physical environment. This determination occurs every time Windows OS starts, so the environment can change for each boot.
- NTLDR loads into memory and reads the resource map that NTDETECT builds.
- NTLDR switches the system back to protected mode. NTLDR then sets up the ring 0 mode for the kernel and loads the proper kernel(NTOSKRNL) for the computer. NTLDR pulls in the proper Hardware Abstraction Layer(HAL) and all boot drivers. Everything that NTDETECT collects becomes the HKEY_LOCAL_MACHINE/HARDWARE Registry key.
- NTLDR starts the run process for NTOSKRNL.
沒有留言:
張貼留言